diff --git a/src/encr.c b/src/encr.c deleted file mode 100644 index 792323a9..00000000 --- a/src/encr.c +++ /dev/null @@ -1,358 +0,0 @@ -/* - encr.c -- everything that deals with encryption - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: encr.c,v 1.12.4.5 2000/09/15 12:58:38 zarq Exp $ -*/ - -#include "config.h" - -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_GMP_H -# include -#else -# ifdef HAVE_GMP2_GMP_H -# include -# endif -#endif - -#include -#include - -#include - -#include "conf.h" -#include "encr.h" -#include "net.h" -#include "protocol.h" - -#include "system.h" - -#define ENCR_GENERATOR "0xd" -#define ENCR_PRIME "0x7fffffffffffffffffffffffffffffff" /* Mersenne :) */ - -char text_key[1000]; -char *my_public_key_base36; -int key_inited = 0, encryption_keylen; -mpz_t my_private_key, my_public_key, generator, shared_prime; -int my_key_expiry = (time_t)(-1); - -char* mypassphrase; -int mypassphraselen; - -int char_hex_to_bin(int c) -{ - if(isdigit(c)) - return c - '0'; - else - return tolower(c) - 'a' + 10; -} - -int str_hex_to_bin(unsigned char *bin, unsigned char *hex) -{ - int i = 0, j = 0, l = strlen(hex); -cp - if(l&1) - { - i = j = 1; - bin[0] = char_hex_to_bin(hex[0]); - } - for(; i < l; i+=2, j++) - bin[j] = (char_hex_to_bin(hex[i]) << 4) + char_hex_to_bin(hex[i+1]); -cp - return j&1?j+1:j; -} - -int read_passphrase(char *which, char **out) -{ - FILE *f; - config_t const *cfg; - char *filename; - int size; - extern char *confbase; - char *pp; -cp - if((cfg = get_config_val(passphrasesdir)) == NULL) - { - asprintf(&filename, "%spassphrases/%s", confbase, which); - } - else - { - asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which); - } - - if((f = fopen(filename, "rb")) == NULL) - { - if(debug_lvl > 1) - syslog(LOG_ERR, _("Could not open %s: %m"), filename); - return -1; - } - - fscanf(f, "%d ", &size); - if(size < 1 || size > (1<<15)) - { - syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size); - return -1; - } - - /* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */ - - pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */ - fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */ - fclose(f); - - *out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */ -cp - return str_hex_to_bin(*out, pp); -} - -int read_my_passphrase(void) -{ -cp - if((mypassphraselen = read_passphrase("local", &mypassphrase)) < 0) - return -1; -cp - return 0; -} - -int generate_private_key(void) -{ - FILE *f; - int i; - char *s; - config_t const *cfg; -cp - if((cfg = get_config_val(keyexpire)) == NULL) - my_key_expiry = (time_t)(time(NULL) + 3600); - else - my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - - if(debug_lvl > 1) - syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); - - if((f = fopen("/dev/urandom", "r")) == NULL) - { - syslog(LOG_ERR, _("Opening /dev/urandom failed: %m")); - return -1; - } - - s = xmalloc((2 * PRIVATE_KEY_LENGTH) + 1); - - for(i = 0; i < PRIVATE_KEY_LENGTH; i++) - sprintf(&s[i << 1], "%02x", fgetc(f)); - - s[2 * PRIVATE_KEY_LENGTH] = '\0'; - - mpz_set_str(my_private_key, s, 16); -cp - return 0; -} - -void calculate_public_key(void) -{ -cp - mpz_powm(my_public_key, generator, my_private_key, shared_prime); - my_public_key_base36 = mpz_get_str(NULL, 36, my_public_key); -cp -} - -unsigned char static_key[] = { 0x9c, 0xbf, 0x36, 0xa9, 0xce, 0x20, 0x1b, 0x8b, 0x67, 0x56, 0x21, 0x5d, 0x27, 0x1b, 0xd8, 0x7a }; - -int security_init(void) -{ -cp - mpz_init(my_private_key); - mpz_init(my_public_key); - mpz_init_set_str(shared_prime, ENCR_PRIME, 0); - mpz_init_set_str(generator, ENCR_GENERATOR, 0); - - if(read_my_passphrase() < 0) - return -1; - if(generate_private_key() < 0) - return -1; - - if(cipher_init(CIPHER_BLOWFISH) < 0) - return -1; - - calculate_public_key(); -cp - return 0; -} - -void set_shared_key(char *almost_key) -{ - char *tmp; - int len; - mpz_t ak, our_shared_key; -cp - mpz_init_set_str(ak, almost_key, 36); - mpz_init(our_shared_key); - mpz_powm(our_shared_key, ak, my_private_key, shared_prime); - - tmp = mpz_get_str(NULL, 16, our_shared_key); - len = str_hex_to_bin(text_key, tmp); - - cipher_set_key(&encryption_key, len, text_key); - key_inited = 1; - encryption_keylen = len; - - if(debug_lvl > 2) - syslog(LOG_INFO, _("Encryption key set to %s"), tmp); - - free(tmp); - mpz_clear(ak); - mpz_clear(our_shared_key); -cp -} - - -void encrypt_passphrase(passphrase_t *pp) -{ - char key[1000]; - char tmp[1000]; - unsigned char phrase[1000]; - int keylen; - int i; - BF_KEY bf_key; - -cp - mpz_get_str(tmp, 16, my_public_key); - keylen = str_hex_to_bin(key, tmp); - - cipher_set_key(&bf_key, keylen, key); - - low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT); - pp->len = ((mypassphraselen - 1) | 7) + 1; - pp->phrase = xmalloc((pp->len << 1) + 1); - - for(i = 0; i < pp->len; i++) - snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]); - - pp->phrase[(pp->len << 1) + 1] = '\0'; - - if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, text_key); -cp -} - -int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) -{ - char key[1000]; - char *tmp; - unsigned char phrase[1000]; - int keylen, pplen; - mpz_t pk; - unsigned char *out; - BF_KEY bf_key; - char *which; - char *meuk; -cp - mpz_init_set_str(pk, his_pubkey, 36); - tmp = mpz_get_str(NULL, 16, pk); - keylen = str_hex_to_bin(key, tmp); - out = xmalloc((cl->pp->len >> 1) + 3); - pplen = str_hex_to_bin(phrase, cl->pp->phrase); - - cipher_set_key(&bf_key, keylen, key); - low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT); - if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, text_key); - - asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); - if((pplen = read_passphrase(which, &meuk)) < 0) - return -1; - - if(memcmp(meuk, out, pplen)) - return -1; -cp - return 0; -} - -char *make_shared_key(char *pk) -{ - mpz_t tmp, res; - char *r; -cp - mpz_init_set_str(tmp, pk, 36); - mpz_init(res); - mpz_powm(res, tmp, my_private_key, shared_prime); - - r = mpz_get_str(NULL, 36, res); - - mpz_clear(res); - mpz_clear(tmp); -cp - return r; -} - -/* - free a key after overwriting it -*/ -void free_key(enc_key_t *k) -{ -cp - if(!k) - return; - if(k->key) - { - memset(k->key, (char)(-1), k->length); - free(k->key); - } - free(k); -cp -} - -void recalculate_encryption_keys(void) -{ - conn_list_t *p; - char *ek; -cp - for(p = conn_list; p != NULL; p = p->next) - { - if(!p->public_key || !p->public_key->key) - /* We haven't received a key from this host (yet). */ - continue; - ek = make_shared_key(p->public_key->key); - free_key(p->datakey); - p->datakey = xmalloc(sizeof(*p->datakey)); - p->datakey->length = strlen(ek); - p->datakey->expiry = p->public_key->expiry; - p->datakey->key = xmalloc(strlen(ek) + 1); - strcpy(p->datakey->key, ek); - } -cp -} - -void regenerate_keys(void) -{ -cp - generate_private_key(); - calculate_public_key(); - send_key_changed_all(); - recalculate_encryption_keys(); -cp -} diff --git a/src/encr.h b/src/encr.h deleted file mode 100644 index 3b3aead7..00000000 --- a/src/encr.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - encr.h -- header for encr.c - Copyright (C) 1998,1999,2000 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: encr.h,v 1.2.4.2 2000/10/11 10:35:15 guus Exp $ -*/ - -#ifndef __TINC_ENCR_H__ -#define __TINC_ENCR_H__ - -#include "net.h" - -#define PRIVATE_KEY_BITS 128 -#define PRIVATE_KEY_LENGTH (PRIVATE_KEY_BITS >> 3) - -extern char *my_public_key_base36; -extern int my_key_expiry; - -extern int security_init(void); - -extern int send_portnumbers(int); -extern void set_shared_key(char *); -extern int send_passphrase(conn_list_t *); -extern int send_public_key(conn_list_t *); -extern int verify_passphrase(conn_list_t *, unsigned char *); -extern char *make_shared_key(char*); -extern void encrypt_passphrase(passphrase_t *pp); -extern void free_key(enc_key_t*); -extern void regenerate_keys(void); - -#endif /* __TINC_ENCR_H__ */ - diff --git a/src/net.c b/src/net.c index 480a1264..b52412d8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.52 2000/10/29 02:07:40 guus Exp $ + $Id: net.c,v 1.35.4.53 2000/10/29 09:19:24 guus Exp $ */ #include "config.h" @@ -48,7 +48,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" diff --git a/src/net.h b/src/net.h index b265122a..98366349 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.19 2000/10/29 01:27:23 guus Exp $ + $Id: net.h,v 1.9.4.20 2000/10/29 09:19:25 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -78,11 +78,6 @@ typedef struct vpn_packet_t { unsigned char data[MAXSIZE]; } vpn_packet_t; -typedef struct passphrase_t { - unsigned short len; - unsigned char *phrase; -} passphrase_t; - typedef struct queue_element_t { void *packet; struct queue_element_t *prev; diff --git a/src/netutl.c b/src/netutl.c index ff6114c2..b80473b1 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.13 2000/10/24 15:46:17 guus Exp $ + $Id: netutl.c,v 1.12.4.14 2000/10/29 09:19:25 guus Exp $ */ #include "config.h" @@ -35,7 +35,6 @@ #include "errno.h" #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" diff --git a/src/protocol.c b/src/protocol.c index 89e89fa9..50889b91 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.49 2000/10/29 01:08:09 guus Exp $ + $Id: protocol.c,v 1.28.4.50 2000/10/29 09:19:25 guus Exp $ */ #include "config.h" @@ -40,7 +40,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" @@ -1068,18 +1067,21 @@ cp keylength = strlen(pktkey); -/* Don't do this... yet - if((keylength%2) || (keylength <= 0)) + if((keylength%2)!=0 || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->name, cl->hostname, from->name); free(from_id); free(to_id); free(pktkey); return -1; } + + if(from->cipher_pktkey) + free(from->cipher_pktkey); + keylength /= 2; hex2bin(pktkey, pktkey, keylength); - BF_set_key(cl->cipher_pktkey, keylength, pktkey); -*/ + pktkey[keylength] = '\0'; + from->cipher_pktkey = pktkey; from->status.validkey = 1; from->status.waitingforkey = 0; diff --git a/src/tincd.c b/src/tincd.c index a220154b..75482357 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.18 2000/10/29 02:07:41 guus Exp $ + $Id: tincd.c,v 1.10.4.19 2000/10/29 09:19:27 guus Exp $ */ #include "config.h" @@ -44,7 +44,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" @@ -252,7 +251,7 @@ int detach(void) if(pid) /* parent process */ { signal(SIGTERM, parent_exit); -// sleep(600); /* wait 10 minutes */ + sleep(600); /* wait 10 minutes */ exit(1); } } @@ -447,7 +446,7 @@ main(int argc, char **argv, char **envp) { main_loop(); cleanup_and_exit(1); - } + } syslog(LOG_ERR, _("Unrecoverable error")); cp_trace(); @@ -470,6 +469,7 @@ sigterm_handler(int a) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got TERM signal")); + cleanup_and_exit(0); }